CVE-2023-33873

Summary

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.

Affected Software

VendorProductVersion RangeStatus
AVEVASystemPlatform0 <= 2020 R2 SP1 P01affected
AVEVAHistorian0 <= 2020 R2 SP1 P01affected
AVEVAApplication Server0 <= 2020 R2 SP1 P01affected
AVEVAInTouch0 <= 2020 R2 SP1 P01affected
AVEVAEnterprise Licensing (formerly known as License Manager)0 <= 3.7.002affected
AVEVAManufacturing Execution System (formerly known as Wonderware MES)0 <= 2020 P01affected
AVEVARecipe Management0 <= 2020 R2 Update 1 Patch 2affected
AVEVABatch Management0 <= 2020 SP1affected
AVEVAEdge (formerly known as Indusoft Web Studio)0 <= 2020 R2 SP1 P01affected
AVEVAWorktasks (formerly known as Workflow Management)0 <= 2020 U2affected
AVEVAPlant SCADA (formerly known as Citect)0 <= 2020 R2 Update 15affected
AVEVAMobile Operator (formerly known as IntelaTrac Mobile Operator Rounds)0 <= 2020 R1affected
AVEVACommunication Drivers Pack0 <= 2020 R2 SP1affected
AVEVATelemetry Server0 <= 2020 R2 SP1affected

Weaknesses

  • CWE-250: CWE-250 Execution with Unnecessary Privileges

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References